openldap Cookbook

Configures a server to be an OpenLDAP master or replication slave. Also includes a recipe to install the client libs, but not to set up actual LDAP auth, as there are several ways to do this. We recommend looking at our sssd_ldap cookbook.

Requirements

Platforms

Ubuntu

Debian

FreeBSD

RHEL/CentOS

Fedora

openSUSE Leap

Chef

Chef 12.1+

Cookbooks

dpkg_autostart

Attributes

This is not an exhaustive list of attributes as most are directly comparable to their OpenLDAP equivalents.

Required

openldap['rootpw']

This should be a password hash generated from slappasswd. The default slappasswd command will generate a salted SHA1 hash:

$ slappasswd -s "secretsauce"
{SSHA}6BjlvtSbVCL88li8IorkqMSofkLio58/

Set this via a node/role/env attribute or in a wrapper cookbook with an encrypted data_bag. OpenLDAP will fail to start if this is not set.
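The layout of the {SSHA} value that slappasswd emits, with a check that an attribute value is such a hash before it is used. This is an added example, not code from the cookbook; the function names are hypothetical and only the default {SSHA} scheme is handled.

```ruby
require 'digest'
require 'securerandom'

# Hash value shown in the README above (copied from the page).
README_SAMPLE = '{SSHA}6BjlvtSbVCL88li8IorkqMSofkLio58/'

# {SSHA} layout: "{SSHA}" + base64(SHA1(password + salt) + salt).
# Returns { digest:, salt: }, or nil when the value is not a well-formed {SSHA} hash.
def parse_ssha(value)
  match = /\A\{SSHA\}([A-Za-z0-9+\/]+={0,2})\z/.match(value.to_s)
  return nil unless match
  raw = match[1].unpack1('m0')      # strict base64 decode, raises on bad input
  return nil if raw.bytesize <= 20  # a SHA1 digest is 20 bytes, the rest is salt
  { digest: raw.byteslice(0, 20), salt: raw.byteslice(20..-1) }
rescue ArgumentError
  nil
end

# Build an {SSHA} value the same way, with a random 4-byte salt by default.
def ssha_hash(password, salt = SecureRandom.random_bytes(4))
  digest = Digest::SHA1.digest(password.b + salt.b)
  '{SSHA}' + [digest + salt.b].pack('m0')
end

# Compare two byte strings without returning early on the first difference.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# True when the password reproduces the digest stored in the {SSHA} value.
def ssha_match?(password, value)
  parsed = parse_ssha(value)
  return false unless parsed
  secure_compare(Digest::SHA1.digest(password.b + parsed[:salt]), parsed[:digest])
end

# Pre-flight check for openldap['rootpw']: returns a message, or nil if it looks fine.
def rootpw_problem(value)
  return 'rootpw is not set; OpenLDAP will fail to start' if value.to_s.empty?
  return 'rootpw is not in the default {SSHA} form (plaintext?)' unless parse_ssha(value)
  nil
end

if __FILE__ == $PROGRAM_NAME
  puts "README sample salt length: #{parse_ssha(README_SAMPLE)[:salt].bytesize} bytes"
  puts rootpw_problem('secretsauce')
end
```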

Install/Upgrade

openldap['package_install_action'] - The action to be taken for all packages in the recipes. Defaults to :install, but can also be set to :upgrade to upgrade all packages referenced in the recipes.

General configuration

openldap['schemas'] - Array of ldap schema file names to load

openldap['modules'] - Array of slapd module names to load

TLS/SSL

If openldap['ldaps_enabled'] or openldap['tls_enabled'] is set, then openldap['tls_cert'] and openldap['tls_key'] must also be set and the files must exist prior to execution. Depending on the certificates, openldap['tls_cafile'] may also need to be set. See the test cookbook for an example.

Recipes

default

License & Authors

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

v3.0.1 (2017-03-27)

v3.0.0 (2017-03-16)

This version has several major breaking changes that you will need to be aware of.

cn=config via slapd.d never worked and thus the 'support' has been removed - it may return but it will be a new feature

All auth logic has been removed from this cookbook. This cookbook now only configures the server side of openldap. We highly recommend configuring LDAP auth using our sssd_ldap cookbook, which functions much better than the previous PAM config.

A config hash has been added to add arbitrary files to the ldap.config and slapd.config files. This eliminates much of the need for forking this cookbook to meet your environment's needs. See the readme for detailed information on how these hashes are converted to ldap configs.

Many attributes are no longer present or have had name/value changes

There is now only one recipe and it is default

Properly supporting all platforms listed as supported

Adoption of provider and consumer terminology

Other Changes

Documented the current process for managing certs

Remove old Ubuntu initial run steps from the Readme

Ship with more sane logging levels

Don't manage ssl out of the box.

Remove a duplicate ERB that wasn't called anywhere

Rearrange the attributes file to make more sense

Updates to the provider setup with syncrepl to make it actually work

Add new attributes to provide better control of replication

Add unit and lint testing in Travis CI

Add basic convergence Chefspec

TLS config fixes, use uri over host+port, include client_config_hash in both config files

Add new supermarket metadata

Add chef_version metadata

Resolve all cookstyle warnings

Add maintainers files

Fix the recipe expecting an attribute named "system_user" while the attributes are configured to provide "system_acct".

Add TLSCipherSuite to slapd.conf

Remove node name from all configs

Log a warning error if someone tries to use the default recipe since it doesn't do anything

v2.2.0 (2015-04-16)

Added support for FreeBSD

Improved support for RHEL platforms

Removed the attributes from the metadata.rb file since they were outdated

v2.1.0 (2015-03-10)

Resolve the one and only Food Critic warning

Remove legacy LDAP Apache2 attributes that aren't used in this cookbook or in the Apache2 cookbook

Add an attribute for schemas to enable in the slapd config

Add an attribute for the modules to load in the slapd config

Make the cn used an attribute

v2.0.0 (2015-03-06)

Added URI to the client config so clients can communicate with the LDAP server

Change all package resource actions from upgrade -> install and introduce an attribute if you want to change it back. Upgrading openldap when a new package comes out is not a desired action on production systems.

Update the "Generated by Chef for xyz" comment blocks in the config templates to be consistent. This will result in config changes / service restarts due to notification

Install the most recent version of the Berkeley DB utils package. This adds support for Trusty and RHEL, but will result in a newer version of the db-util package being installed on Precise systems.

Added new attributes to set the cookbook and source path for the SSL keys and certs. This reduces the need to fork / modify this cookbook

Added a new attribute for controlling the log level of the server

Make the ldap client package an attribute with support for RHEL

Fix the search logic in the slave recipe to not fail

Converted the cookbook to platform_family to better support Ubuntu. This means the cookbook will no longer work on Chef versions prior to 0.10.10

Updated Gemfile with up to date dependency versions

Updated Contributing doc to match the current process

Added a chefignore file to prevent ds_store files from ending up in /usr/local/bin

Switched all modes to strings to preserve the leading 0

Added a rubocop.yml file and resolved the majority of rubocop complaints